Summary:

Use the promo code “ExploringSec” to get $50 off your registration

In this episode of Exploring Information Security, host Timothy De Block welcomes Amanda Berlin, CEO of Mental Health Hackers & Senior Product Manager at Blumira, to discuss her experiences in security product development, incident detection, and the challenges of balancing security with usability. They explore the limitations of pentest reports, the practicality of security automation, and the psychology behind effective security awareness training. Amanda also shares insights on how small businesses can implement security without breaking the bank and what to expect from ShowMeCon.

Topics Discussed:

• Amanda’s Keynote at ShowMeCon – How she ended up speaking and why Dave’s method of picking speakers is unconventional.

• Security Automation vs. Usability – Why some industries can implement auto-lockouts, while others (like hospitals) cannot.

• The Problem with Pentest Reports – Why they often contain unrealistic security expectations that don’t translate to real-world environments.

• Getting Buy-In for Security Solutions – How to understand what organizations actually need instead of pushing the latest security trend.

• The Role of Nudge Theory in Awareness Training – Why small, repeated reinforcements can be more effective than long training videos.

• Security for Small Businesses – Strategies for implementing security on a limited budget and making defenses practical.

• Side Tangents & Fun Conversations – Crossword puzzles, Wordle streaks, and the absurdity of marketing budgets in cybersecurity.

Key Takeaways:

• Security needs to be tailored to the environment—automation can improve security, but in some cases, it can create more risks.

• Pentest reports often miss the mark by listing detected issues without considering operational feasibility.

• Security awareness is most effective when it’s continuous and engaging, rather than a one-time annual training.

• Listening to users is critical—security teams must balance technical controls with usability needs.

• ShowMeCon continues to be a top-tier conference for hands-on security learning and industry networking.

Showmecon Links and Resources:

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]